第一步：（每台机子都做）

关闭防火墙

systemctl stop firewalld 
systemctl disable firewalld

第二步： （每台机子都做）

永久关闭selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config  

第三步：（每台机子都做） #关闭swap 分区

sed -ri 's/.*swap.*/#&/' /etc/fstab  

第四步： #设置主机名：（每台机子都做）

cat >> /etc/hosts <<EOF
192.168.235.134  k8s-master
192.168.235.131  k8s-node-1
192.168.235.132  k8s-node-2
192.168.235.133  k8s-node-3
EOF

第五步： #ssh 相互免密登录 （每台机子都做，copy id的命令本机不需要）

ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.235.131
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.235.132
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.235.133
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.235.134

第六步： 安装docker（可以封装成一个sh脚本直接执行）

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker

查看是否安装好：systemctl status docker

第七步： 添加阿里云yum源

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

第八步：（封装成脚本）

#!/bin/bash
# 关闭防火墙
systemctl disable firewalld
systemctl stop firewalld

# 关闭selinux
# 临时禁用selinux
setenforce 0
# 永久关闭 修改/etc/sysconfig/selinux文件设置
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# 禁用交换分区
swapoff -a
# 永久禁用，打开/etc/fstab注释掉swap那一行。
sed -i 's/.*swap.*/#&/' /etc/fstab

# 修改内核参数
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# 开启br_netfilter
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf

# 设置kubernetes.repo

tee /etc/yum.repos.d/kubernetes.repo <<-'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 安装kubernetes-1.18.2(必须指定k8s版本号)

yum install kubectl-1.18.2 kubelet-1.18.2 kubeadm-1.18.2 -y
systemctl enable kubelet && systemctl start kubelet

第九步：集群初始化

kubeadm init \
  --apiserver-advertise-address=192.168.235.134\
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.2 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

第十步： 安装网络插件calico

curl https://docs.projectcalico.org/v3.10/manifests/calico.yaml -O
kubectl apply -f calico.yaml

第十一步：添加节点

kubeadm token create --print-join-command  #永久的，关机也不会丢失

得到的命令之后依次去从节点执行

kubeadm join 192.168.235.134:6443 --token v64ga0.0yz6c7r6ypy7kxgy     --discovery-token-ca-cert-hash sha256:5f7eb20f906c2506a5c0ea881a396b842aaa31c2ae06253087e9312bd2b9b7c9

添加完成后：

W0609 01:27:09.582159 36928 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected “cgroupfs” as the Docker cgroup driver. The recommended driver is “systemd”. Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.17. Latest validated version: 19.03
[WARNING Hostname]: hostname “k8s-node1” could not be reached
[WARNING Hostname]: hostname “k8s-node1”: lookup k8s-node1 on 192.168.235.2:53: no such host
[preflight] Reading configuration from the cluster…
[preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -oyaml’
[kubelet-start] Downloading configuration for the kubelet from the “kubelet-config-1.18” ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap…

This node has joined the cluster:

• Certificate signing request was sent to apiserver and a response was received.
• The Kubelet was informed of the new secure connection details.

Run ‘kubectl get nodes’ on the control-plane to see this node join the cluster.
可以去主节点看一下添加的节点：

kubectl  get nodes

第十二步：安装dashboard

dashaboard 比较难下载，这里提供下载方式https://mp.csdn.net/mp_download/manage/download/UpDetailed
first:
修改yaml文件,默认的dashboard是没有配置NodePort的映射的。
在第42行下方添加2行
nodePort: 30000
type: NodePort

[root@k8s-master ~]# vim recommended.yaml
...
 40   ports:
 41     - port: 443
 42       targetPort: 8443
 43       nodePort: 30000
 44   type: NodePort
 45   selector:
 46     k8s-app: kubernetes-dashboard
...

second：
添加dashboard管理员用户凭证。

[root@k8s-master ~]# cat >> recommended.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF

third:

 kubectl apply -f recommended.yaml

four:token 值获取

kubectl describe secrets -n kubernetes-dashboard dashboard-admin

 
**five:访问**

```bash
https://192.168.12.30:30000